<?php
error_reporting(0);
$isadmin=1; 
include '../comm/config.php';
include '../comm/checkpostandget.php';
session_start();
$name=$_POST['username']; $pwd=$_POST['password']; $yzm=$_POST['yzm']; if($yzm==""||$yzm!=$_SESSION["code"])
{
	echo "<meta http-equiv='Content-Type' content='text/html; charset=utf-8' /><script language=javascript>alert('错误：验证码填写错误！');window.location='login.php';</script>";
	exit;
}
if($name!=""&&$pwd!="")
{
	$link = mysql_connect($dbserver, $dbuser, $dbpass);
	if (!$link) {
		 die(ERR_DB);
	}
	mysql_select_db($dbname);
	
	$pwd=md5($pwd);
	
	$q = "SELECT * from ".$BIAOTOU."duoduo2010 where adminname='".$name."' and adminpass='".$pwd."'";

	mysql_query("set names utf8");
	$rs = mysql_query($q);
	$num = mysql_num_rows($rs);
	
	if($num!=0)
	{   	
		$ip=$_SERVER["REMOTE_ADDR"]; $sj= date("Y-m-d H:i:s");
		$q = "update ".$BIAOTOU."duoduo2010 set loginnum=loginnum+1 ,lastlogintime=logintime,logintime='$sj',lastloginip=loginip,loginip='$ip' where adminname='".$name."'";	
		mysql_query($q);
		$_SESSION["adminusername"] = $name; 
		echo "<script language=javascript>window.location='main.html';</script>";
	}
	else
	{
		echo "<meta http-equiv='Content-Type' content='text/html; charset=utf-8' /><script language=javascript>alert('错误：用户名或密码错！');window.location='login.php';</script>";
	}
	mysql_close($link); 	
}
else
{
		echo "<meta http-equiv='Content-Type' content='text/html; charset=utf-8' /><script language=javascript>alert('错误：用户名或密码为空！');window.location='login.php';</script>";
}
?>